[kphijack]

I have seen many posts with the same problems over the past week.
Even a college computer administrator is having the same issues.
This is serious sabotage.
I have exhausted all fixes and nothing works.

Any help or assistance appreciated?

Started April 11, 05

Inability to Paste in windows explorer
No Taskbar on desktop
Blank windows update page
Click Pandasoftware free scan button - nothing happens.

Avast, Spybot, Adaware find nothing.

HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 10:36:00 AM, on 4/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\BITWARE\NT\bwprnmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Iomega HotBurn\Autolaunch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\END USER\Desktop\HijackThis.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.MyJoi.net/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.MyJoi.net/MyJoi.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Joi Internet
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: A2NPopUpKiller Class - {8A321C7D-9CED-45A8-870D-DAE843A45FD0} - C:\Program Files\Armor2net\Armor2net Personal Firewall\PopUpKiller.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Armor2net] C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryFix.exe] C:\Program Files\RegistryFix\registryfix.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\END USER\Desktop\HijackThis.exe /startupscan
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

[Advertisements]

I don't see anything wrong in this log.

Let's try these two things and see if they find anything:

Download StartDreck http://www.greyknigh.../StartDreck.zip

Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'

Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.

Let's use a program to scan for any trojans that may exist. Download TDS-3 http://tds.diamondcs...p?page=download. Learn how to use it at http://tds.diamondcs...?page=easytouse. Make sure to update it after you installed it. You can get the manual updates at http://tds.diamondcs...php?page=update. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to 'System Testing' on the menu and choose 'Full System Scan'. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, it will be listed in the bottom window. Please copy and paste that here also if it applies. If you have problems copying the text, look (or search) for a file named scandump.txt and see if that has the alarms - post that here.

[greyknight17]

I don't see anything wrong in this log.

Let's try these two things and see if they find anything:

Download StartDreck http://www.greyknigh.../StartDreck.zip

Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'

Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.

Let's use a program to scan for any trojans that may exist. Download TDS-3 http://tds.diamondcs...p?page=download. Learn how to use it at http://tds.diamondcs...?page=easytouse. Make sure to update it after you installed it. You can get the manual updates at http://tds.diamondcs...php?page=update. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to 'System Testing' on the menu and choose 'Full System Scan'. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, it will be listed in the bottom window. Please copy and paste that here also if it applies. If you have problems copying the text, look (or search) for a file named scandump.txt and see if that has the alarms - post that here.

[kphijack]

Thank you for replying.

I have posted below the log from StartDreck.

I went through the process of downloading and updating Tds-3, but when I ran the program - there was no dialog box - in Task Manager it would see the program running - so I let it run overnight - still running in the background - still no dialog box and no results.


StartDreck (build 2.1.7 public stable) - 2005-04-26 @ 11:53:24 (GMT -04:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as END USER at GATEWAY333

»Registry
»Run Keys
»Current User
»Run
*ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
*HijackThis startup scan=C:\Documents and Settings\END USER\Desktop\HijackThis.exe /startupscan
»RunOnce
»Default User
»Run
»RunOnce
»Local Machine
»Run
*bwprnmon.exe=C:\BITWARE\NT\bwprnmon.exe
*WinampAgent="C:\Program Files\Winamp\Winampa.exe"
*ccRegVfy=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
*ccApp=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
*Drag'n'Drop_Autolaunch="C:\Program Files\Iomega HotBurn\Autolaunch.exe"
*HP Software Update="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
*Armor2net=C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
*VSOCheckTask="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
*VirusScan Online="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
*MCAgentExe=c:\PROGRA~1\mcafee.com\agent\mcagent.exe
*MCUpdateExe=C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
*HP Component Manager="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*McRegWiz=C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
*avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
*WinPatrol=C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHelper.dll
*Adobe.AcroIEToolbarHelper.1/{AE7CD045-E861-484f-8273-0445EE161910}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Bar=http://www.yahoo.com/search/ie.html
*Search Page=http://www.yahoo.com
*Start Page=http://www.google.com/
*Window Title=Joi Internet
+SearchUrl
*provider=yaho
*=http://search.yahoo.com/search?p=%s
»Default User
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=www.MyJoi.net/search.htm
*Start Page=www.MyJoi.net/MyJoi.htm
*Window Title=Joi Internet
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\Userinit.exe
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\END USER\Start Menu\Programs\Startup\desktop.ini
»Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
`device=C:\PROGRA~1\ALWILS~1\Avast4\aswmonds.sys
*C:\autoexec.bat
`PATH C:\BITWARE\
`Set tmp=c:\temp
`Set temp=c:\temp
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\notepad.exe
+C:\WINDOWS\system32\slrundll.exe
*C:\WINDOWS\slrundll.exe
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\taskman.exe
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
+C:\WINDOWS\uninst.exe
*C:\BITWARE\UNINST.EXE
»System/Drivers
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User

[greyknight17]

So you can't even see the TDS-3 program running? Try renaming it to TDS-31.exe and run it. Some of these infections won't allow spyware/virus removal programs to run and renaming them may be a way around this.

[kphijack]

Renamed the executable tds-31.exe and same problem.
- No dialog box
- Windows Task Manager shows its running under the Applications tab.
- Under the Processes tab - shows tds-31.exe with 00 CPU and 8,520K Mem Usage.
- svchost.exe hovers around 90 CPU

These multiple problems I'm having must be a virus.
It disables security programs.
- McAfee and AVG have become useless and Avast is the only one I can get halfway running.

If I reload Windows XP would my existing information be saved and would I then be able to get to the windowsupdate page?
Or am I trapped.

Perplexed???

[greyknight17]

Depends what you mean by reload. Do you want to clean out everything and do a fresh/clean install? That's recommended than doing a install on top of the current version. But it will wipe out all the data, so you must backup your files. That should get rid of all the problems.

But if you want to continue, let's try doing this:

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/Cleanup.exe ) and install it. Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool.

Download the Mwav virus checker at http://www.mwti.net/antivirus/mwav.asp (Use Link 3)

1. Save it to a folder.
2. Reboot into Safe Mode.
3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything.
4. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane.
5. In the Virus Log Information Pane......
Left click and highlight all the information in the Lower pane --- Use &CTRL C &on your keyboard to copy everything found in the lower pane and save it to a notepad file
*Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.

Once you copy that to a Notepad file...highlight the text and copy it here.

[kphijack]

I cannot lose any data so reinstalling is out of the question.
Lets continue to search for this problem.
I ran the MWAV - The original log file I am able to copy and paste - it was over 7Mb so I copied and pasted the first section of the log and the last section.
I am attempting Cleanup this afternoon.

The First 6 Lines below are from the "Virus Log Information"
I had to type them out as I was unable to copy.
There seems to be a few viruses infected, besides whats in the Norton Vault and I don't even use Norton (also I cannot open, uninstall or delete Norton Antivirus).

VIRUS LOG INFORMATION

File System infected by "Alexa Spyware/Adware" Virus
File System infected by "Narrator Spyware/Adware" Virus
File C:\Program Files\Iomega\System32\Win2kDrivers.exe tagged as not a virus: tool.Win32Reboot
File *C:\ProgramFiles\NortonSystemWorks\NortonAntivirus\Quarantine\073836b8.exe infected
* Multiple Norton Systemworks\Norton Antivirus\Quarantine
* Total of 16 came up in the Norton Antivirus\Quarantine
File C:\TEMP\marinefree_249.exe infected by "not-a-virus:AdWare.NewDotNet" Virus


ORIGINAL LOG FILE

Thu Apr 28 14:08:53 2005 => **********************************************************
Thu Apr 28 14:08:53 2005 => MicroWorld AntiVirus Toolkit Utility.
Thu Apr 28 14:08:53 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Thu Apr 28 14:08:53 2005 => **********************************************************
Thu Apr 28 14:08:53 2005 => Version 6.1.1 (C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mwavscan.com)
Thu Apr 28 14:08:53 2005 => Log File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MWAV.LOG
Thu Apr 28 14:08:53 2005 => MWAV Registered: FALSE.
Thu Apr 28 14:08:53 2005 => MWAV Mode: Only Scan files.
Thu Apr 28 14:08:54 2005 => Latest Date of files inside MWAV: 27 Apr 2005 07:34:04.
Thu Apr 28 14:09:06 2005 => AV Library Loaded...
Thu Apr 28 14:09:06 2005 => MWAV doing self scanning...
Thu Apr 28 14:09:06 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavss.exe
Thu Apr 28 14:09:06 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Getvlist.exe
Thu Apr 28 14:09:08 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavss.dll
Thu Apr 28 14:09:08 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavssdi.dll
Thu Apr 28 14:09:09 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavssi.dll
Thu Apr 28 14:09:09 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kavvlg.dll
Thu Apr 28 14:09:09 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msvlclnt.dll
Thu Apr 28 14:09:10 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ipc.dll
Thu Apr 28 14:09:10 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\main.avi
Thu Apr 28 14:09:11 2005 => Scanning File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\virus.avi
Thu Apr 28 14:09:11 2005 => MWAV files are clean.
Thu Apr 28 14:09:22 2005 => Virus Database Date: 2005/04/27
Thu Apr 28 14:09:22 2005 => Virus Database Count: 127505

Thu Apr 28 14:10:12 2005 => **********************************************************
Thu Apr 28 14:10:12 2005 => MicroWorld AntiVirus Toolkit Utility.
Thu Apr 28 14:10:12 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Thu Apr 28 14:10:12 2005 =>
Thu Apr 28 14:10:12 2005 => Support: [email protected]
Thu Apr 28 14:10:12 2005 => Web: http://www.mwti.net
Thu Apr 28 14:10:12 2005 => **********************************************************
Thu Apr 28 14:10:12 2005 => Version 6.1.1 (C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mwavscan.com)
Thu Apr 28 14:10:12 2005 => Log File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MWAV.LOG
Thu Apr 28 14:10:12 2005 => User Account: Administrator
Thu Apr 28 14:10:12 2005 => Windows Root Folder: C:\WINDOWS
Thu Apr 28 14:10:12 2005 => Windows Sys32 Folder: C:\WINDOWS\system32
Thu Apr 28 14:10:12 2005 => OS: Windows NT
Thu Apr 28 14:10:12 2005 => Latest Date of files inside MWAV: 27 Apr 2005 07:34:04.

Thu Apr 28 14:10:13 2005 => Options Selected by User:
Thu Apr 28 14:10:13 2005 => Memory Check: Enabled
Thu Apr 28 14:10:13 2005 => Registry Check: Enabled
Thu Apr 28 14:10:13 2005 => StartUp Folder Check: Enabled
Thu Apr 28 14:10:13 2005 => System Folder Check: Enabled
Thu Apr 28 14:10:13 2005 => System Area Check: Disabled
Thu Apr 28 14:10:13 2005 => Services Check: Enabled
Thu Apr 28 14:10:13 2005 => Drive Check: Disabled
Thu Apr 28 14:10:13 2005 => All Drive Check :Enabled
Thu Apr 28 14:10:13 2005 => Folder Check: Disabled

Thu Apr 28 14:10:13 2005 => ***** Scanning Memory Files *****
Thu Apr 28 14:10:13 2005 => Scanning File C:\WINDOWS\System32\smss.exe
Thu Apr 28 14:10:13 2005 => Scanning File C:\WINDOWS\system32\ntdll.dll
Thu Apr 28 14:10:14 2005 => Scanning File C:\WINDOWS\SYSTEM32\CSRSS.EXE
Thu Apr 28 14:10:14 2005 => Scanning File C:\WINDOWS\system32\CSRSRV.dll
Thu Apr 28 14:10:14 2005 => Scanning File C:\WINDOWS\system32\basesrv.dll
Thu Apr 28 14:10:14 2005 => Scanning File C:\WINDOWS\system32\winsrv.dll
Thu Apr 28 14:10:15 2005 => Scanning File C:\WINDOWS\system32\GDI32.dll
Thu Apr 28 14:10:15 2005 => Scanning File C:\WINDOWS\system32\KERNEL32.dll
Thu Apr 28 14:10:16 2005 => Scanning File C:\WINDOWS\system32\USER32.dll
Thu Apr 28 14:10:17 2005 => Scanning File C:\WINDOWS\system32\sxs.dll
Thu Apr 28 14:10:18 2005 => Scanning File C:\WINDOWS\system32\ADVAPI32.dll
Thu Apr 28 14:10:18 2005 => Scanning File C:\WINDOWS\system32\RPCRT4.dll
Thu Apr 28 14:10:19 2005 => Scanning File C:\WINDOWS\system32\Apphelp.dll
Thu Apr 28 14:10:19 2005 => Scanning File C:\WINDOWS\system32\VERSION.dll
Thu Apr 28 14:10:19 2005 => Scanning File C:\WINDOWS\SYSTEM32\WINLOGON.EXE
Thu Apr 28 14:10:20 2005 => Scanning File C:\WINDOWS\system32\AUTHZ.dll
Thu Apr 28 14:10:20 2005 => Scanning File C:\WINDOWS\system32\msvcrt.dll
Thu Apr 28 14:10:20 2005 => Scanning File C:\WINDOWS\system32\CRYPT32.dll

ABOVE IS THE FIRST SECTION OF LOG
________________________________________________________________

BELOW IS THE BACKEND OF LOG

Thu Apr 28 19:13:08 2005 => Scanning File C:\XASTROL\DATA\NATAL.TBL
Thu Apr 28 19:13:08 2005 => Scanning File C:\XASTROL\DATA\NATALX.TBL
Thu Apr 28 19:13:08 2005 => Scanning File C:\XASTROL\DATA\NUMERIC.TBL
Thu Apr 28 19:13:08 2005 => Scanning File C:\XASTROL\DATA\ORBITELE.DAT
Thu Apr 28 19:13:08 2005 => Scanning File C:\XASTROL\DATA\PLANETS.NDX
Thu Apr 28 19:13:08 2005 => Scanning File C:\XASTROL\DATA\PLANETS.TXT
Thu Apr 28 19:13:08 2005 => Scanning File C:\XASTROL\DATA\SIGHOUSE.NDX
Thu Apr 28 19:13:08 2005 => Scanning File C:\XASTROL\DATA\SIGHOUSE.TXT
Thu Apr 28 19:13:08 2005 => Scanning File C:\XASTROL\DATA\SUMMARY.NDX
Thu Apr 28 19:13:08 2005 => Scanning File C:\XASTROL\DATA\SUMMARY.TBL
Thu Apr 28 19:13:08 2005 => Scanning File C:\XASTROL\DATA\SUMMARY.TXT
Thu Apr 28 19:13:08 2005 => Scanning File C:\XASTROL\DATA\TRANSASP.NDX
Thu Apr 28 19:13:08 2005 => Scanning File C:\XASTROL\DATA\TRANSASP.TXT
Thu Apr 28 19:13:08 2005 => Scanning File C:\XASTROL\DATA\TRANSHSE.NDX
Thu Apr 28 19:13:09 2005 => Scanning File C:\XASTROL\DATA\TRANSITR.TBL
Thu Apr 28 19:13:09 2005 => Scanning File C:\XASTROL\DATA\TRANSITX.TBL
Thu Apr 28 19:13:09 2005 => Scanning File C:\XASTROL\DATA.Z
Thu Apr 28 19:13:09 2005 => Scanning File C:\XASTROL\EXPERT.BMP
Thu Apr 28 19:13:09 2005 => Scanning File C:\XASTROL\EXPERT.Z
Thu Apr 28 19:13:09 2005 => Scanning File C:\XASTROL\EXSYSIFO.ICO
Thu Apr 28 19:13:09 2005 => Scanning File C:\XASTROL\GEMINI.RTF
Thu Apr 28 19:13:09 2005 => Scanning File C:\XASTROL\HEDLG.DLL
Thu Apr 28 19:13:09 2005 => Scanning File C:\XASTROL\HEICON.DLL
Thu Apr 28 19:13:09 2005 => Scanning File C:\XASTROL\HEIMGMAN.DLL
Thu Apr 28 19:13:09 2005 => Scanning File C:\XASTROL\HELP.ICO
Thu Apr 28 19:13:09 2005 => Scanning File C:\XASTROL\HERTF.DLL
Thu Apr 28 19:13:10 2005 => Scanning File C:\XASTROL\HETOOLS.DLL
Thu Apr 28 19:13:10 2005 => Scanning File C:\XASTROL\HIGHEDIT.DLL
Thu Apr 28 19:13:10 2005 => Scanning File C:\XASTROL\INS0762.LIB
Thu Apr 28 19:13:10 2005 => Scanning File C:\XASTROL\LEO.RTF
Thu Apr 28 19:13:11 2005 => Scanning File C:\XASTROL\LIBRA.RTF
Thu Apr 28 19:13:11 2005 => Scanning File C:\XASTROL\LOCATION.DB
Thu Apr 28 19:13:11 2005 => Scanning File C:\XASTROL\LOCATION.PX
Thu Apr 28 19:13:11 2005 => Scanning File C:\XASTROL\LOGO.BMP
Thu Apr 28 19:13:11 2005 => Scanning File C:\XASTROL\PEOPLE.DB
Thu Apr 28 19:13:11 2005 => Scanning File C:\XASTROL\PEOPLE.PX
Thu Apr 28 19:13:11 2005 => Scanning File C:\XASTROL\PISCES.RTF
Thu Apr 28 19:13:11 2005 => Scanning File C:\XASTROL\PXENGWIN.DLL
Thu Apr 28 19:13:11 2005 => Scanning File C:\XASTROL\REGCARD.APS [**]
Thu Apr 28 19:13:11 2005 => Scanning File C:\XASTROL\REGCARD.H
Thu Apr 28 19:13:12 2005 => Scanning File C:\XASTROL\SAGITTA.RTF
Thu Apr 28 19:13:12 2005 => Scanning File C:\XASTROL\SCORPIO.RTF
Thu Apr 28 19:13:12 2005 => Scanning File C:\XASTROL\SETUP.BMP
Thu Apr 28 19:13:12 2005 => Scanning File C:\XASTROL\SETUP.EXE
Thu Apr 28 19:13:12 2005 => Scanning File C:\XASTROL\SETUP.INS
Thu Apr 28 19:13:12 2005 => Scanning File C:\XASTROL\STATE.DB
Thu Apr 28 19:13:12 2005 => Scanning File C:\XASTROL\STATE.PX
Thu Apr 28 19:13:12 2005 => Scanning File C:\XASTROL\SYSINFO.EXE
Thu Apr 28 19:13:12 2005 => Scanning File C:\XASTROL\TAURUS.RTF
Thu Apr 28 19:13:12 2005 => Scanning File C:\XASTROL\TEST.GRA
Thu Apr 28 19:13:12 2005 => Scanning File C:\XASTROL\TEST.OUT
Thu Apr 28 19:13:12 2005 => Scanning File C:\XASTROL\TEST.RTF
Thu Apr 28 19:13:13 2005 => Scanning File C:\XASTROL\TEST1.OUT
Thu Apr 28 19:13:13 2005 => Scanning File C:\XASTROL\TEST1.RTF
Thu Apr 28 19:13:13 2005 => Scanning File C:\XASTROL\VIRGO.RTF
Thu Apr 28 19:13:13 2005 => Scanning File C:\XASTROL\X.ASC
Thu Apr 28 19:13:13 2005 => Scanning File C:\XASTROL\XASTENGN.DLL
Thu Apr 28 19:13:13 2005 => Scanning File C:\XASTROL\XGRAENGN.DLL

Thu Apr 28 19:13:14 2005 => ***** Checking for specific ITW Viruses *****
Thu Apr 28 19:13:14 2005 => Checking for Welchia Virus...
Thu Apr 28 19:13:14 2005 => Checking for LovGate Virus...
Thu Apr 28 19:13:14 2005 => Checking for CodeRed Virus...
Thu Apr 28 19:13:14 2005 => Checking for OpaServ Virus...
Thu Apr 28 19:13:14 2005 => Checking for Sobig.e Virus...
Thu Apr 28 19:13:14 2005 => Checking for Winupie Virus...
Thu Apr 28 19:13:14 2005 => Checking for Swen Virus...
Thu Apr 28 19:13:14 2005 => Checking for JS.Fortnight Virus...
Thu Apr 28 19:13:14 2005 => Checking for Novarg Virus...
Thu Apr 28 19:13:14 2005 => Checking for Pagabot Virus...
Thu Apr 28 19:13:14 2005 => Checking for Parite.b Virus...
Thu Apr 28 19:13:14 2005 => Checking for Parite.a Virus...

Thu Apr 28 19:13:14 2005 => ***** Scanning complete. *****

Thu Apr 28 19:13:14 2005 => Total Objects Scanned: 72218
Thu Apr 28 19:13:14 2005 => Total Virus(es) Found: 20
Thu Apr 28 19:13:14 2005 => Total Disinfected Files: 0
Thu Apr 28 19:13:14 2005 => Total Files Renamed: 0
Thu Apr 28 19:13:14 2005 => Total Deleted Objects: 0
Thu Apr 28 19:13:14 2005 => Total Errors: 28
Thu Apr 28 19:13:14 2005 => Time Elapsed: 05:00:27
Thu Apr 28 19:13:14 2005 => Virus Database Date: 2005/04/27
Thu Apr 28 19:13:14 2005 => Virus Database Count: 127505

Thu Apr 28 19:13:14 2005 => Scan Completed

[greyknight17]

I don't need the bottom logs that you gave me. All I need is the log that says, so and so file is infected by... which you gave me. Is that the whole log for that part? It's kind of short - don't see a lot of short ones.

So you can't delete files in this folder? -->> C:\ProgramFiles\NortonSystemWorks\NortonAntivirus\Quarantine\

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/Cleanup.exe ) and install it. Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Run the mwav scan again. Give me the Virus Log ONLY.

[kphijack]

I was able to delete everything in the Norton/Quarantine folder.
Also, I ran the cleanup and it cleaned out almost 700mb of junk.

Ran the MWAV again, actually ran it twice in Safe Mode.
Below is the Virus Log Information.
I had to type it as I was unable to copy and paste.

This was the only line it came up with, after two Virus scans.
File C:\Program Files\Iomega\System32\Win2kDrivers.exe tagged as not-a-virus: ToolWin32.Reboot. No Action Taken

What happened to Alexa Spyware and Narrator Spyware?

I deleted all the Norton Quarantined files and the marinefree_249.exe file, so they should not appear again.

[greyknight17]

Alexa and Narrator seems to be gone to say the least. That entry that was found by mwav is ok to leave alone.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

Make sure to get the latest updates for Windows and Internet Explorer at http://v5.windowsupd...t.aspx?ln=en-us.

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.

[kphijack]

The Log file might be clean, but.
Nothing has changed on my computer.
Same problems exist.
Cannot get to windowsupdate page. When I click on the link - my IE6 Browser goes know where. When I type the url in to the address bar - it shows a blank page and says Done in the status bar below.
I still cannot copy, cut or paste files in Windows. So my files are trapped on this computer.
McAfee Virus Scan gets diabled on startup.
Avast is half working.

Still same problems?

Don't know what to do?

[greyknight17]

OK, try out these two to see if they will fix anything:

Let's try registering Internet Explorer's DLL files. Go to Start->Run and copy and paste the following into the Run box and hit OK (go to Start->Run again for each one):

regsvr32 Shdocvw.dll
regsvr32 Shell32.dll
regsvr32 Oleaut32.dll
regsvr32 Actxprxy.dll
regsvr32 Mshtml.dll
regsvr32 Urlmon.dll

Go to Start->Run and type in sfc /scannow and hit OK. Let it run. If it doesn't find any missing/corrupted files, it should close by itself. If it does find something, it may ask for your Windows CD.

Restart and see if anything changed?

[kphijack]

All the Internet Explorer's DLL files registered correctly.

When I ran the sfc /scannow, I was asked to insert the Win XP Professional CD.
I inserted the Win CD and the sfc /scannow process continued. A dialog box popped up "Insert the Windows XP Professional CD", I would click retry on the dialog box and the sfc /scannow process continued. The dialog box came up multiple times and it continued until it was complete.
I rebooted.
Same problems exist.
Something different I did notice - during the reboot - the top of a small blue dialog box was showing in the lower left hand corner of the screen, then disappeared.

Overall no change, same problems.

[greyknight17]

A small blue dialog box? I'm wondering if this is another infection that I have seen. Do you get any popups?

This might be a Windows problem. OK, try this. Go to this site and see if the suggestions there will help.

If not, post this question in the Windows forums. Post back when it's resolved so that I will close this topic.

[greyknight17]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.